VDB
SUSE-SU-2021%3A2212-1
SUSE-SU-2021%3A2212-1
PUBLISHED
CVSS 9.300000190734863 CRITICAL
This update for qemu fixes the following issues: Security issues fixed: - CVE-2021-3546: Fix out-of-bounds write in virgl_cmd_get_capset (bsc#1185981) - CVE-2021-3544: Fix memory leaks found in the virtio vhost-user GPU device (bsc#1186010) - CVE-2021-3545: Fix information disclosure due to uninitialized memory read (bsc#1185990) Non-security issues fixed: - Fix testsuite error (bsc#1184574) - Fix qemu crash with iothread when block commit after snapshot (bsc#1187013) - Fix qemu hang while cancelling migrating hugepage vm (bsc#1185591) - Use RCU to avoid race during scsi hotplug/hotunplug (bsc#1184574)
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE:Linux Enterprise Module for Server Applications 15 SP2 | qemu | 0, 0 |
| SUSE:Linux Enterprise Module for Basesystem 15 SP2 | qemu | 0, 0 |
| SUSE:Linux Enterprise Micro 5.0 | qemu | 0, 0 |
Timeline
- Jun 30, 2021 CVE Published
- Feb 4, 2026 CVE Updated
References
- https://www.suse.com/support/update/announcement/2021/suse-su-20212212-1/ advisory
- https://bugzilla.suse.com/1184574 report
- https://bugzilla.suse.com/1185591 report
- https://bugzilla.suse.com/1185981 report
- https://bugzilla.suse.com/1185990 report
- https://bugzilla.suse.com/1186010 report
- https://bugzilla.suse.com/1187013 report
- https://www.suse.com/security/cve/CVE-2021-3544 url
- https://www.suse.com/security/cve/CVE-2021-3545 url
- https://www.suse.com/security/cve/CVE-2021-3546 url